- Require ronin-db ~> 0.2
- Added {Ronin::Vulns::Importer}.
- Added the
user_agent:keyword argument to {Ronin::Vulns::WebVuln#initialize}. - Added {Ronin::Vulns::WebVuln#user_agent}.
- Added {Ronin::Vulns::CommandInjection}.
- Added the
command_injection:keyword argument to {Ronin::Vulns::URLScanner.scan}. - Added {Ronin::Vulns::RFI#script_lang}.
- Support inferring the {Ronin::Vulns::RFI#script_lang} from the URL given to {Ronin::Vulns::RFI#initialize}.
- Bruteforce test every different kind of RFI test URL in {Ronin::Vulns::RFI#vulnerable?} if a test script URL was not given or the {Ronin::Vulns::RFI#script_lang} cannot be inferred from the given URL.
- Allow the
escape_type:keyword argument for {Ronin::Vulns::SSTI#initialize} to accept a Symbol value to specify the specific Server-Side-Template-Injection interpolation syntax::double_curly_braces-{{expression}}:dollar_curly_braces-${expression}:dollar_double_curly_braces-${{expression}}:pound_curly_braces-#{expression}:angle_brackets_percent-<%= expression %>
- Added the
ronin-vulns command-injectioncommand. - Added the
ronin-vulns irbcommand. - Added the
ronin-vulns completioncommand to install shell completion files for allronin-vulnscommands for Bash and Zsh shells. - Added the
-H,--request-methodoption to all commands. - Added the
--user-agentand--user-agent-stringoptions to all commands. - Added the
--test-all-form-paramsoption to all commands. - Added the
--print-curland--print-httpoptions to all commands. - Added the
--importoption to all commands. - Print a summary of all vulnerabilities found after scanning a URL, in addition to logging messages indicating when a new vulnerability has just been found.
- Use hyphenated values for the
--lfi-filter-bypassoption in theronin-vulns scancommand and--filter-bypassoption in theronin-vulns lficommand.
- Improve the accuracy of {Ronin::Vulns::OpenRedirect#vulnerable?} when
detecting open redirects in meta-refresh HTML tags.
- Match the test URL when it ends with
?...,&..., or&.... - Detect when the test URL has an additional string appended to it
(ex:
.html). The appended string can easily be bypassed by adding a?,&, or#character to the end of the test URL.
- Match the test URL when it ends with
- Improved the performance of
ronin-vulnscommands when scanning multiple URLs or a file of URLs by not rebuilding an identical {Ronin::Vulns::CLI::WebVulnCommand#scan_kwargs} for each URL. - Allow the
--cookie "..."option to be repeated multiple times and merge the cookie strings together. - Allow the
--cookie-param NAME=VALUEoption to be used with the--cookie "..."option and merge the cookie values together. - Print vulnerable param names in single quotes.
- Fixed a bug in {Ronin::Vulns::SSTI.scan} where when called without
escape:it would not return all found vulnerabilities. - Fixed a bug in {Ronin::Vulns::SQLI.scan} where repeat requests would be sent
even if
escape_quote:,escape_parens:, orterminate:keyword arguments are given. - Improved {Ronin::Vulns::ReflectedXSS::Context} to detect when the XSS occurs after or inside of an HTML comment.
- Require
ronin-support~> 1.0, >= 1.0.1
- Validate that given URLs start with either
http://orhttps://, and print an error message otherwise. - Print a
No vulnerabilities foundmessage when no vulnerabilities were discovered.
- Fixed typo in {Ronin::Vulns::CLI::WebVulnCommand#process_url} which effected
the
ronin-vulns lficommand and others.
- Initial release:
- Require
ruby>= 3.0.0. - Supports testing for:
- Local File Inclusion (LFI)
- Remote File Inclusion (RFI)
- PHP
- ASP Class / ASP.NET
- JSP
- ColdFusion
- Perl
- SQL Injection (SQLi)
- Reflected Cross Site Scripting (XSS)
- Server Side Template Injection (SSTI)
- Open Redirects
- Supports testing:
- URL query parameters.
- HTTP Headers.
- HTTP
Cookieparameters. - Form parameters.
- Require